Inconsistent frontend logging from an external health check

Help!
1

My haproxy frontend config looks like this:

frontend testthing.com
  bind :1234 ssl crt /etc/ssl/pem/mycert.pem
  mode tcp
  log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %sslv %sslc"
  option logasap
  tcp-request connection expect-proxy layer4
  default_backend my-backend

From a different server, I have an haproxy backend that connects to it, and does health checks:

backend testthing
  mode tcp
  server testthing 1.2.3.4:1234 send-proxy check ssl verify none

That backend reports that testthing is always up, however I’m seeing the following haproxy logs on the frontend server:

Dec 14 02:47:54 my-host-a haproxy[21364]: 10.10.10.11:44748 [14/Dec/2023:02:47:54.456] testthing.com/1: Success
Dec 14 02:47:56 my-host-a haproxy[21364]: 10.10.10.11:44764 [14/Dec/2023:02:47:56.460] testthing.com/1: Success
Dec 14 02:47:58 my-host-a haproxy[21364]: 10.10.10.11:44772 [14/Dec/2023:02:47:58.463] testthing.com/1: Success
Dec 14 02:48:00 my-host-a haproxy[21364]: 10.10.10.11:57924 [14/Dec/2023:02:48:00.467] testthing.com/1: Success
Dec 14 02:48:02 my-host-a haproxy[21364]: 10.10.10.11:57928 [14/Dec/2023:02:48:02.470] testthing.com~ my-backend/<NOSRV> -1/-1/+3 +0 SC 1/1/0/0/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384
Dec 14 02:48:04 my-host-a haproxy[21364]: 10.10.10.11:57934 [14/Dec/2023:02:48:04.476] testthing.com/1: Success
Dec 14 02:48:06 my-host-a haproxy[21364]: 10.10.10.11:57950 [14/Dec/2023:02:48:06.479] testthing.com/1: Success
Dec 14 02:48:08 my-host-a haproxy[21364]: 10.10.10.11:57952 [14/Dec/2023:02:48:08.482] testthing.com/1: SSL handshake failure
Dec 14 02:48:10 my-host-a haproxy[21364]: 10.10.10.11:47886 [14/Dec/2023:02:48:10.487] testthing.com/1: SSL handshake failure
Dec 14 02:48:12 my-host-a haproxy[21364]: 10.10.10.11:47900 [14/Dec/2023:02:48:12.491] testthing.com/1: Success

Sometimes “Success”, sometimes “SSL handshake failure”, and sometimes a log that looks like a regular connection that prints the TLS version and cipher.

Both instances of haproxy are running version 2.8.5.

When I downgrade the frontend instance of haproxy to version 1.9, I consistently get the log similar to this, for every health check:

Dec 14 02:48:02 my-host-a haproxy[21364]: 10.10.10.11:57928 [14/Dec/2023:02:48:02.470] testthing.com~ my-backend/<NOSRV> -1/-1/+3 +0 SC 1/1/0/0/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384

What is going on here? I can link tcpdumps if that would help.

Also, I get the same result of weird logging if the send-proxy and expect-proxy bits are removed.